James Lin
Reputation: 26558
Getting credential from yubikey for passwordless
Just started to play around yubikey, my question is based on the following assumptions:
- Passwordless doesn't need to know the username based on the following demo
- Based on this doc the
allowedCredentialscan be omitted
I registered the yubikey by using the django package django-fido
I am having problem using navigator.credentials.get(publicKey) to get the credential from yubikey, the publicKey parameter I am passing in as below:
{challenge: Uint8Array(32), rpId: 'localhost'}
It says the yubikey is not registered with this website, but I am pretty sure I did because if I don't use the passwordless approach, by specifying the allowedCredentials, I can find the key:
{challenge: Uint8Array(32), rpId: 'localhost', allowCredentials: Array(1)}
Upvotes: 1
Views: 325
Answers (1)
James Lin
Reputation: 26558
OK, digging into the django-fido package views.py found that I need to specify resident_key=True to store the credential on the key
def create_fido2_request(self) -> Tuple[Dict, Dict]:
"""Create and return FIDO 2 registration request.
@raise ValueError: If request can't be created.
"""
user = self.get_user()
assert user.is_authenticated, "User must not be anonymous for FIDO 2 requests."
credentials = self.get_credentials(user)
return self.server.register_begin(self.get_user_data(user), credentials, user_verification=self.user_verification, resident_key=True)
Upvotes: 0
Related Questions
- Can we store and read keys in Fido2 device (yubikey)
- Yubikey OTP Programming Issue with AccessCode
- How to Configure Yubikey 5 for Wondows Hello login
- FIDO2/WebAuthn "This security key doesn't look familiar."
- Howto verify a yubico otp response
- Django and Yubikey integrate
- YubiKey + Webauth: userHandle is always null
- How to authenticate for registerd user in yubikey python
- Is there a way to authenticate YubiKey from stand-alone C# application without internet connection?
- Using yubikey for sudo